Controls Reduce Security Threats
Technology is only a part of the measures it takes to produce a strong, secure information system. Well written security policies can lay the ground work and tell employees what is mandated and required to protect the information system. Remote access should be a part of the security policy to control who does what and what they are allowed to access in the system. Setting standards for the types of devices that are allowed to access the system is equally important.
"Without an effective security policy that addresses procedures, mitigation strategies, and periodic training, all other security programs will be less successful." (Welander, 2007) Technology alone will not protect the information system of the business. Employees need to be trained on the security standards that are set for the company. No matter how secure the system is, employees can let intruders in just by checking personal email or exploring the internet on breaks.
"Controlling...
Only management employees should have access to allow someone to enter the system and control what they are allowed to do. With management controlling the access, responsibility is placed where it should be without letting others access something they do not need to do the job.
The security policy should address network login with usernames. Passwords should have minimum and maximum length, be complex, and should be changed periodically. Remote access should designate who is allowed to access and do what. What are the system requirements? What software and applications will be allowed? The internet connections need to be explained in the policy. How are computers tracked? How is equipment and media disposed considering harmful effects? How should media be allowed to be used and stored in the system?…
